A great deal of employees have inappropriate access to sensitive data

The onset of COVID-19 and resulting distributed workforce have introduced new and complex challenges for businesses, with 45% of IT decision-makers reporting increased pressure from the board around the security of their organization.

These findings highlight an increased concern over identity-based threats and the need for user access visibility across the IT estate as organizations navigate their zero trust journey.

Identity-based threats

The study highlighted major concerns for the virtual workforce, with 52% of respondents stating that identity-specific threats are keeping them up at night. For a workforce that is both remote and distributed, decision-makers expressed concern over malicious actors impersonating employees, alongside instances of inappropriate access to sensitive information.

The other major concern is centered around the dynamic nature of modern multi-cloud environments, which saw a significant acceleration due to quick implementation of digital transformation initiatives, complicating access control and enforcement. Both concerns bring into focus that without visibility and a unified view into user access by enterprises across their application estate, the risk the results highlight is quite real.

Quantifying the problem of inappropriate access to sensitive data

The study also found that:

• IT leaders expressed concern about inappropriate or malicious access to applications and data. 47% are concerned about malicious actors impersonating employees and 41% are concerned about inappropriate access to sensitive information.
• This concern is justified. 76% of employees had inappropriate access to a sensitive data file, and 76% were granted inappropriate access to sensitive files within the past year.
• IT leaders must have better visibility to users to set policy and respond to security events. IT leaders said they need to understand the users’ identity to create application access control policy (77%), manage policy compliance (73%), and respond to incidents (70%).

Zero trust security model

Because many applications are now running in heterogenous, multi-cloud environments, a trend that has been accelerated by the remote and distributed workforce, enterprises must protect an expanding threat surface within their IT estate. The survey results show that zero trust has become more than an industry buzzword in response.

vArmour’s research shows that many IT leaders are implementing a zero trust security model, with 33% having implemented one organization-wide and 31% currently scaling an implementation. In addition, 14% are piloting a project, 16% are considering zero trust, and only 7% of IT leaders report they are NOT considering a zero trust security model.

“Many of our customers are asking us how we can accelerate their zero trust journey,” said Keith Stewart, SVP Product at vArmour. “Organizations need real-time visibility and control of user access to applications across their entire enterprise IT estate in order to take steps toward embracing a zero trust strategy. Understanding the relationships between every application, every relationship and every user in every environment can help businesses create and orchestrate consistent security policies enterprise-wide.”